Security Labs

Insights

Alerts

BOOKMARK THIS ALERT

digg
|
del.icio.us
|
reddit
newsvine
|
furl
|
technorati

Binsservicesonline Scam Spreading on Facebook and SEO Poisoning

Date:01.05.2010

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered several spam messages on Facebook that trick the user into visiting BINSSERVICESONLINE(dot)INFO. When the link in the message is clicked, the Web site redirects the user to an online scam site similar to the one we published in the blog Google Scam Kits in mid-December. The use of Facebook to distribute links that lead to Google scam kits is fairly new, and is sure to trick some users into buying the kits.

A lot of users have apparently received this message, as it quickly became a popular search string on Google. As we've seen in the past, there are criminal groups monitoring the popular search terms on Google and other search engines to start their own malicious attacks, so it didn't take long until we started seeing Google search results for BINSSERVICESONLINE leading to rogue AV products.

Note that the two attacks are done by separate groups of criminals. One group started the spam attacks on Facebook and another started manipulating Google results.

We can see many messages spreading in Facebook, for example:

BINSSERVICESONLINE.INFO redirects to the following scam site:

Google search results for BINSSERVICESONLINE:

The Google Trend showing the hot CTR for BINSSERVICESONLINE:

Websense® Messaging and Websense Web Security customers are protected against this attack.